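# CSI node plugin for UpCloud storage, rendered from a Jinja2 template.
# One pod per node runs two containers: a registrar sidecar that announces the
# driver socket to the kubelet, and the UpCloud CSI driver itself.
#
# Security posture of this workload (all visible below): host network,
# a privileged container, hostPath mounts of /var/lib/kubelet and /dev, and
# UpCloud API credentials injected as environment variables. Treat access to
# this pod, its service account and the `upcloud` Secret as node-level and
# cloud-account-level access.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: csi-upcloud-node
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: csi-upcloud-node
  template:
    metadata:
      labels:
        app: csi-upcloud-node
        role: csi-upcloud
    spec:
      priorityClassName: system-node-critical
      # `serviceAccount` is the deprecated alias of this field; the account
      # referenced is unchanged.
      serviceAccountName: csi-upcloud-node-sa
      # The pod shares the node's network namespace.
      # NOTE(review): confirm the driver still requires this; without it the
      # pod would get its own network namespace and NetworkPolicy coverage.
      hostNetwork: true
      containers:
        # Sidecar: registers the driver socket with the kubelet through the
        # plugins_registry directory mounted at /registration/.
        - name: csi-node-driver-registrar
          # Quoted so that an empty or unusual tag value cannot change how the
          # rendered line is parsed.
          image: "registry.k8s.io/sig-storage/csi-node-driver-registrar:{{ upcloud_csi_node_image_tag }}"
          args:
            # High log verbosity.
            # NOTE(review): consider a lower level outside of debugging.
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
            - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
          env:
            # Socket path as seen inside this container (plugin-dir mount).
            - name: ADDRESS
              value: /csi/csi.sock
            # The same socket as seen from the host, i.e. by the kubelet.
            - name: DRIVER_REG_SOCK_PATH
              value: /var/lib/kubelet/plugins/storage.csi.upcloud.com/csi.sock
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: plugin-dir
              mountPath: /csi/
            - name: registration-dir
              mountPath: /registration/
        # The CSI driver. Serves the CSI API on the unix socket in plugin-dir.
        - name: csi-upcloud-plugin
          image: "ghcr.io/upcloudltd/upcloud-csi:{{ upcloud_csi_plugin_image_tag }}"
          args:
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--nodehost=$(NODE_ID)"
            # NOTE(review): presumably runs the controller and node services
            # in one process; confirm against the driver documentation.
            - "--mode=monolith"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
            # UpCloud API credentials from the `upcloud` Secret. Because this
            # is a DaemonSet they end up in the environment of a privileged
            # pod on every node, so one compromised node exposes them.
            # NOTE(review): use a dedicated API account with the narrowest
            # permissions UpCloud allows, and confirm whether the node role
            # needs these credentials at all.
            - name: UPCLOUD_USERNAME
              valueFrom:
                secretKeyRef:
                  name: upcloud
                  key: username
            - name: UPCLOUD_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: upcloud
                  key: password
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          # The image is re-pulled on every container start, so the tag in
          # upcloud_csi_plugin_image_tag should be an immutable release tag;
          # a mutable tag would let the running code change on a restart.
          imagePullPolicy: "Always"
          securityContext:
            # Kubernetes only permits Bidirectional mount propagation (used
            # below) in privileged containers. Privileged mode already grants
            # every capability and implies privilege escalation, so the two
            # settings that follow are redundant and only state the intent.
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
            allowPrivilegeEscalation: true
          volumeMounts:
            - name: plugin-dir
              mountPath: /csi
            - name: pods-mount-dir
              mountPath: /var/lib/kubelet
              # Needed so that any mounts set up inside this container are
              # propagated back to the host machine. The whole kubelet
              # directory is mounted read-write, which includes the volume
              # data of every pod on the node.
              mountPropagation: "Bidirectional"
            # All host device nodes are visible to the container.
            - name: device-dir
              mountPath: /dev
      # Registry credentials come from the `regcred` Secret in the pod's
      # namespace.
      imagePullSecrets:
        - name: regcred
      volumes:
        # Directory the kubelet watches for plugin registration sockets.
        - name: registration-dir
          hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: DirectoryOrCreate
        # Holds the driver's csi.sock, shared by both containers.
        - name: plugin-dir
          hostPath:
            path: /var/lib/kubelet/plugins/storage.csi.upcloud.com
            type: DirectoryOrCreate
        - name: pods-mount-dir
          hostPath:
            path: /var/lib/kubelet
            type: Directory
        # No hostPath `type` is set, so no check is made before mounting.
        - name: device-dir
          hostPath:
            path: /dev
      # Optional tolerations: rendered only when upcloud_tolerations is set,
      # as a YAML list indented to sit under the `tolerations` key.
{% if upcloud_tolerations %}
      tolerations:
        {{ upcloud_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
{% endif %}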
